Kubernetes GitOps Practices

Implement GitOps workflows for Kubernetes deployments

GitOps is a modern approach to continuous deployment for cloud native applications. This guide covers essential GitOps practices for Kubernetes.

Prerequisites

  • Basic understanding of Kubernetes
  • Access to a Kubernetes cluster
  • kubectl CLI tool installed
  • Familiarity with Git workflows

Project Structure

.
├── gitops/
│   ├── argocd/          # ArgoCD configurations
│   ├── flux/            # Flux configurations
│   ├── manifests/       # Kubernetes manifests
│   └── environments/    # Environment configs
└── monitoring/
    ├── sync-status/     # Sync monitoring
    └── alerts/          # GitOps alerts

ArgoCD Setup

1. Application Definition

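apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/app.git
    targetRevision: HEAD    # tracks the tip of the default branch, so every merge is deployed
    path: kubernetes
  destination:
    server: https://kubernetes.default.svc
    namespace: myapp
  syncPolicy:
    automated:
      prune: true           # delete cluster resources that were removed from Git
      selfHeal: true        # revert changes made directly in the cluster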

2. Project Configuration

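apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: myproject
  namespace: argocd
spec:
  description: My GitOps Project
  sourceRepos:
  - '*'                     # any Git repository may be used as a source
  destinations:
  - namespace: '*'          # any namespace on this cluster may be a target
    server: https://kubernetes.default.svc
  clusterResourceWhitelist:
  - group: '*'              # every cluster-scoped kind (ClusterRole, CRD, ...) is allowed
    kind: '*'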
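
A tighter version of the project above, as an added example that is not part of the original page: the wildcards are replaced by one repository, one namespace and no cluster-scoped kinds, and the Application is attached to that project instead of default. The name myproject-restricted, the tag v1.4.2 and the blacklisted kinds are assumptions made for illustration.

```yaml
# Added example (not from the original page). Values marked "assumed" are illustrative.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: myproject-restricted        # assumed name
  namespace: argocd
spec:
  description: My GitOps Project (least privilege)
  sourceRepos:
  - https://github.com/org/app.git  # only the repo the Application uses
  destinations:
  - namespace: myapp                # only the namespace the app deploys to
    server: https://kubernetes.default.svc
  clusterResourceWhitelist: []      # empty list: no cluster-scoped kinds may be synced
  namespaceResourceBlacklist:       # assumed: quotas and limits stay with platform admins
  - group: ''
    kind: ResourceQuota
  - group: ''
    kind: LimitRange
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: myproject-restricted     # not "default", which as installed allows any repo and destination
  source:
    repoURL: https://github.com/org/app.git
    targetRevision: v1.4.2          # assumed release tag; a pinned revision instead of HEAD
    path: kubernetes
  destination:
    server: https://kubernetes.default.svc
    namespace: myapp
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```

With this project, a manifest in the repo that targets another namespace or defines a ClusterRoleBinding is rejected at sync time instead of being applied.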

Flux Configuration

1. Source Configuration

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: app-source
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/app
  ref:
    branch: main

2. Kustomization

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: app-kustomization
  namespace: flux-system
spec:
  interval: 5m
  path: ./kubernetes
  prune: true
  sourceRef:
    kind: GitRepository
    name: app-source
  targetNamespace: default
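
The same two Flux objects with commit verification and a namespace-scoped identity, as an added example that is not part of the original page. With no serviceAccountName, the Kustomization is applied with the kustomize-controller's own service account, which a default Flux install binds to cluster-admin. The names git-signing-keys and app-reconciler and the choice of the built-in edit role are assumptions.

```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: app-source
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/app
  ref:
    branch: main
  verify:
    mode: head                      # check the signature on the branch's HEAD commit
    secretRef:
      name: git-signing-keys        # assumed Secret holding the trusted public keys
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-reconciler              # assumed name
  namespace: flux-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-reconciler
  namespace: default                # rights exist only in the target namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit                        # assumed choice: built-in role, bound to one namespace
subjects:
- kind: ServiceAccount
  name: app-reconciler
  namespace: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: app-kustomization
  namespace: flux-system
spec:
  interval: 5m
  path: ./kubernetes
  prune: true
  serviceAccountName: app-reconciler  # apply as this account, not the controller's own
  sourceRef:
    kind: GitRepository
    name: app-source
  targetNamespace: default
```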

Environment Management

1. Base Configuration

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- ingress.yaml

2. Production Overlay

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# "bases" and "patchesStrategicMerge" are deprecated; "resources" and "patches" replace them
resources:
- ../../base
patches:
- path: production-resources.yaml

Monitoring Setup

1. Sync Status Monitoring

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: gitops-monitor
spec:
  selector:
    matchLabels:
      # label carried by the argocd-metrics Service in the stock Argo CD manifests
      app.kubernetes.io/name: argocd-metrics
  endpoints:
  - port: metrics

2. Alert Configuration

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: gitops-alerts
spec:
  groups:
  - name: gitops
    rules:
    - alert: SyncFailed
      # argocd_app_info carries the sync state in its sync_status label
      expr: argocd_app_info{sync_status="OutOfSync"} > 0
      for: 15m
      labels:
        severity: warning

Secret Management

1. Sealed Secrets

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mysecret
spec:
  encryptedData:
    password: AgBy8hCK8s...

2. External Secrets

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: aws-secret
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secret-store
    kind: SecretStore
  target:
    name: application-secret
  data:
  - secretKey: password
    remoteRef:
      key: app/production/password

Best Practices Checklist

  1. ✅ Infrastructure as Code
  2. ✅ Automated sync
  3. ✅ Environment management
  4. ✅ Secret handling
  5. ✅ Monitoring setup
  6. ✅ Drift detection
  7. ✅ Rollback capability
  8. ✅ Access control
  9. ✅ Audit logging
  10. ✅ Documentation

GitOps Workflows

Continuous Deployment

  • Git as single source of truth
  • Automated synchronization
  • Drift detection
  • Self-healing

Progressive Delivery

  • Canary deployments
  • Blue-green deployments
  • A/B testing
  • Rollback procedures

Multi-Environment

  • Development
  • Staging
  • Production
  • Feature environments

Common GitOps Pitfalls

  1. ❌ Manual interventions
  2. ❌ Unencrypted secrets
  3. ❌ Poor monitoring
  4. ❌ Insufficient testing
  5. ❌ Missing documentation

Deployment Strategies

1. Canary Deployment

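apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: canary-rollout
spec:
  replicas: 5
  # selector and template (the pod spec) are also required; omitted here for brevity
  strategy:
    canary:
      steps:
      - setWeight: 20          # shift 20% to the new version
      - pause: {duration: 1h}  # hold for an hour before the next step
      - setWeight: 40
      - pause: {duration: 1h}
      - setWeight: 60
      - pause: {duration: 1h}
      - setWeight: 80
      - pause: {duration: 1h}
      # after the last pause the rollout is promoted to 100%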

2. Blue-Green Deployment

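apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: bluegreen-rollout
spec:
  # replicas, selector and template are omitted here for brevity
  strategy:
    blueGreen:
      activeService: app-active       # Service receiving production traffic
      previewService: app-preview     # Service pointing at the new version
      autoPromotionEnabled: false     # the new version waits for a manual promotion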

Repository Structure

1. Monorepo Approach

.
├── apps/
│   ├── app1/
│   │   ├── base/
│   │   └── overlays/
│   └── app2/
│       ├── base/
│       └── overlays/
└── infrastructure/
    ├── monitoring/
    └── networking/

2. Multi-repo Approach

app-repo/
├── kubernetes/
│   ├── base/
│   └── overlays/
infrastructure-repo/
├── monitoring/
└── networking/

Conclusion

Implementing these GitOps practices ensures reliable and consistent deployments in your Kubernetes clusters. Regular reviews and updates of GitOps workflows are essential for maintaining efficiency.
